IT Security Trends 2024

"Thinking 'Who's Going to Bother Attacking Us?' Isn't Good Enough"

For the November issue of the Industrial Communication Journal, Editor Bastian Fitz spoke to genua Managing Director Matthias Ochs about current technology trends in cyber security and geopolitical threats in 2024. You can read the whole interview here.

In your opinion, how big is the threat of geopolitically motivated cyber attacks in the coming year? What precautions should companies take?

Matthias Ochs: All analyses and findings show a clear trend: The number and severity of cyber attacks is constantly growing. For companies it is ultimately of secondary importance whether the attacks are politically motivated or committed for the purpose of extortion. It is also important to recognize that thinking "who's going to bother attacking us?" isn't good enough. Attacks are often automated. So companies can quickly be affected as collateral damage.

As of May 1, the German IT Security Act 2.0 makes it obligatory for operators of critical infrastructure to implement extended security measures, especially regarding attack detection. What solutions do you offer in this regard?

Mattias Ochs: With cognitix Threat Defender, we offer a particularly advanced solution for this. It enables our customers to meet the applicable attack detection requirements and also perform important analyses of their network more or less live. Also, irrespective of the legal requirements, I consider having this kind of analysis capability in your own network to be an essential part of cyber security.

2023 is set to be a defining year for the metaverse trend. What is your perspective on this in terms of IT security?

Matthias Ochs: From my perspective, the IT security challenges of a metaverse are not fundamentally different than those of social networks or familiar services such as online shopping. The security of your own identity is the top priority, closely followed by critically checking which content and information about yourself you should reasonably be making available to all users online.

In terms of identity, you at least make it more difficult for attackers if you use secure passwords and two-factor authentication. In relation to this, the German Federal Office for Information Security (BSI) provides citizens and companies with important recommendations and explanations that people should consider.

The convergence of IT and OT has been one of the key topics of the last years in the industry. Which developments do you expect in this field in the next year?

Matthias Ochs: I think the trend of IT and OT progressively converging will continue. The digitization in the industry is enabling new competitive advantages and will become more and more of a distinguishing feature. New technologies such as the currently massive progress in artificial intelligence will accelerate this trend.

For security, this essentially means that in the same way in which we deal with IT developments, we must master the ever more complex networks and framework conditions in OT. This also means that those responsible for security in the industry must raise their processes, methods and tools in OT to a corresponding level. Our customers benefit from our extensive experience in the IT world, where we have been dealing with security topics for decades already.

In your opinion, how big is the threat of a democratization of cyber criminality, for example through business models such as "ransomware as a service"?

Matthias Ochs: Since there are still states where such criminal business models are not combatted effectively or are even interwoven with state actors, I predict that we will continue to see attacks become more frequent and more professional. Like everyone else, attackers use the latest technologies, such as AI, to further improve their chances of success. Companies must counteract these developments by continuing to invest in cyber security. Another important aspect is close collaboration with public authorities, especially the police.

In your opinion, how necessary is green security given the rising energy prices and raw material shortage?

Matthias Ochs: Sustainability will become more important for all products. Naturally, that applies to IT and IT security as well. Trends such as the virtualization of security components and the use of modern CPU platforms can drive progress in this area. Here too, companies must be prepared to invest to get rid of old, less energy-efficient systems.

In the coming year, mobile edge computing via 5G is to become a bigger part of productive operations. In your opinion, which security concepts are necessary here?

Matthias Ochs: To ensure that networks are used securely, it is first necessary to create a trustworthy network infrastructure. Above all, this can be achieved using products from trustworthy, certified manufacturers. This premise is also fully applicable to mobile networks. Furthermore, all proven security concepts can be used in principle. Zero trust is particularly well suited for enabling infrastructure to be largely independent. However, integration into an overall architecture is crucial.

Looking to the future, which security topics do you think will be relevant in the short to medium term? And for which of these threats can companies prepare now?

Matthias Ochs: Artificial intelligence will lead to considerable changes in cyber security. This technology holds new challenges and opportunities for both attackers and defenders. For many years already, our research department has been addressing the use of artificial intelligence in cyber security. For example, we are working on intelligent firewalls and network solutions that enable administrators to understand and control data traffic despite networks being highly complex and dynamic.

Quantum computers call into question many cryptographic techniques and thus the confidentiality and security of all digital data. In this regard, it is necessary to take action today by implementing solutions involving new crypto algorithms that provide sufficient protection against quantum computers. We have also been working on this topic for over ten years, together with the global research community. The findings are already being implemented the development of our products.

People often focus on the possible technological developments, but big threats can also come from geopolitical developments. Just think about how the Western world's relationship with China has changed.

This interview originally appeared in: Industrial Communication Journal 4 (TeDo Verlag) dated Oktober 16, 2023.